Is it possible to use psexec to execute a command on a remote machine without having admin privileges on the remote machine?

I tried running psexec \\<machine> -u <username> -p <password>, where <username> and <password> are non-admin credentials, but I get an "access denied" error.

I can remote desktop into the remote machine with the same credentials without any problems.

My local machine is running Windows 7 Enterprise 64-bit, and the remote machine is running Windows Server 2008 64-bit. I do have admin privileges on the local machine.

EDIT: To all the people who are downvoting this question: I am not trying to circumvent any sort of security measure. I can already run the process on the remote machine by remote desktop-ing into the remote machine and running it. I'm simply looking for a command-line way to do something I can already do through a GUI.

I am not trying to circumvent any security system. I am trying to do something I can already do through a GUI, through the command-line instead, which I find more convenient. Please explain to me how that constitutes circumventing a security system.
– HighCommander4 Jun 15 '11 at 3:29

4

There are many times when a person who is an administrator has good reasons for finding a way to run a process without using full administrative rights. Sometimes, of course, it's not possible or not practical, but if a few tweaks to the system can make the difference between opening a system up fully vs. configuring it to be accessed using a more limited account, then it's often good to do the work needed to run under the more limited account.
– Shannon Wagner Jun 10 '12 at 10:25

8

I administrate Windows, Linux and UNIX hosts in my job role and if I were to address a user's question by attacking him for asking the question I would soon be out of a job. This person is not requesting a method for circumventing administrative rights. He is asking for a method of using PSEXEC with limited rights to run a process that he already has rights to run through the GUI.
– Robert Ebers Mar 5 '14 at 19:52

8 Answers
8

You need to have admin rights on the target as part of psexec starts up a Windows service on the target, and you need admin rights to be able to do that.

psexec copies a psexecsvc file to the admin share and then using remote management starts up a service using that file. It opens up named pipes and uses that for further communication. When it's finished it tidies up after itself.

Although I can't find OFFICIAL documentation that says the same thing.

Edit:
Or run the command as a scheduled task. Or use the -l switch in PsExec: Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. See here: http://technet.microsoft.com/en-us/sysinternals/bb897553. Sorry to say but RTFM!

For example:
To run Internet Explorer with limited-user privileges, use this command:

psexec -l -d "c:\program files\internet explorer\iexplore.exe"

Note that the password is transmitted in clear text to the remote system.

The sysadmins won't allow this, and it shouldn't be necessary. It's not necessary on Linux.
– HighCommander4 Jun 15 '11 at 1:08

4

@HighCommander4, what difference does it matter whether or not it's necessary on Linux? This is a Windows environment. Stop comparing apples to oranges.
– John Gardeniers Jun 15 '11 at 2:02

2

@John: I was just explaining that I'm not trying to do anything that should require admin privileges. I have two machines, with an account on each, and I'm trying to remotely start a process on one machine from the other machine. This seems to me a very natural thing to do, and it seems absurd to require admin privileges to do it.
– HighCommander4 Jun 15 '11 at 2:46

@HighCommander4, what you are trying to do, which is administratively access a remote computer, DOES require admin access on Windows. While that may seem absurd to you it makes perfect sense to those who have to administer a Windows network.
– John Gardeniers Jun 15 '11 at 3:07

4

@John: What is "administrative" about running a program on your own account?
– HighCommander4 Jun 15 '11 at 3:29
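The service start described in the answer above is visible in the target's System event log. This is an added example, not part of the original answer or its comments: it scans exported log records for that service installation. Event ID 7045 and the default service name PSEXESVC are not stated on the page, and the one-JSON-object-per-line export format and the sample records are constructed for illustration.

```python
import json
from ntpath import basename  # Windows path rules, importable on any platform

SERVICE_INSTALLED = 7045      # Service Control Manager: "A service was installed in the system"
PSEXEC_SERVICE = "psexesvc"   # PsExec's default service name (assumption, not from the page)

# Constructed sample: System-log records exported as one JSON object per line.
SAMPLE_EVENTS = r'''
{"EventID": 7036, "Computer": "srv01", "TimeCreated": "2011-06-15T03:10:00Z", "param1": "Windows Update", "param2": "running"}
{"EventID": 7045, "Computer": "srv01", "TimeCreated": "2011-06-15T03:12:41Z", "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe", "AccountName": "LocalSystem"}
{"EventID": 7045, "Computer": "srv01", "TimeCreated": "2011-06-15T04:00:02Z", "ServiceName": "ExampleBackupAgent", "ImagePath": "\"C:\\Program Files\\Example\\agent.exe\"", "AccountName": "LocalSystem"}
this line is truncated {"EventID": 70
'''


def find_psexec_service_installs(lines):
    """Return (time, computer, service name) for each PsExec service install."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged export lines instead of aborting the scan
        if not isinstance(event, dict) or event.get("EventID") != SERVICE_INSTALLED:
            continue
        name = str(event.get("ServiceName", "")).lower()
        # ImagePath may be wrapped in quotes; compare only the file name.
        image = basename(str(event.get("ImagePath", "")).strip('"')).lower()
        if name == PSEXEC_SERVICE or image == PSEXEC_SERVICE + ".exe":
            hits.append((event.get("TimeCreated"), event.get("Computer"),
                         event.get("ServiceName")))
    return hits


if __name__ == "__main__":
    for when, host, service in find_psexec_service_installs(SAMPLE_EVENTS.splitlines()):
        print(f"{when} {host}: service '{service}' installed")
```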

Ask your Domain Admin to do it for you. Which shouldn't be a problem unless what you're doing is fishy, right?
– Safado Jun 14 '11 at 22:25

2

Ask my Domain Admin to do what for me? I can already run the process by remote desktoping into the machine using the non-admin account, and running the process under that account, i.e. the process itself doesn't need admin privileges to run. I just want to be able to do this from the command-line rather than having to remote desktop into the machine.
– HighCommander4 Jun 14 '11 at 22:33

1

Is it possible to install ssh on a Windows Server without admin privileges? If so, could you point me to a link? I tried OpenSSH but it seems to require admin privileges.
– HighCommander4 Jun 15 '11 at 1:09

1

@tony roth: You do not need elevated perms to run an SSH daemon on Linux. You just need elevated perms to run it on a privileged port (0-1023). You can configure both client and server to use a non-privileged port, without needing elevated perms on either machine.
– HighCommander4 Jun 15 '11 at 18:37

2

And in fact I have managed to set up OpenSSH on the Windows server without any admin privileges by running the SSH daemon on a non-privileged port. Go ahead and downvote me for daring to take the initiative to increase my productivity at my job without consulting the Holy Sysadmins first.
– HighCommander4 Jun 15 '11 at 21:48

A solution would be to use an AutoIT script to log into your remote desktop on a schedule from your workstation. Have your "startup" folder execute your process via either a batch script or another AutoIT script (so that you can cancel if doing other work).
This is not command line, but it does automate your work within the parameters that your sysadmin has given you. Hope it helps.

There is probably a way to do this. It's probably as simple as editing WMI permissions on the machine. If it's not possible, then using something like WinRM would definitely work.

All of that is moot for you though. You don't have admin access to the machine at all. Therefore, you cannot make any of the changes necessary to get this going. You need to work this out with your sysadmin instead of asking us to help you go around him. Remember one thing very clearly, most of us here are sysadmins and we do not like users trying to go around us. That doesn't make us very likely to help you try to go around your sysadmins.

I don't see how I'm trying to "go around" anything. The sysadmins want me to be able to run processes on that machine, otherwise I wouldn't be able to remote desktop into it. All I want is a way to run the process using the command-line rather than the remote desktop GUI. Now I could go bug the sysadmins about this, or I could simply find a way to do it myself. I thought a community of professional sysadmins would try to help me, not lecture me.
– HighCommander4 Jun 15 '11 at 18:40

@HighCommander - The answer is that the sysadmins must provide this ability to you. You cannot do it yourself as you do not have administrative rights on the machine. If they really approve of this, then ask them to give you the rights you need to be able to do what you need to do.
– Jason Berg Jun 15 '11 at 18:48

One surefire way to bring yourself to the attention of the system is to post identical answers to old questions. Just dumping code without explanation isn't great either. Please update your answers with some explanation as to what the code does and how it solves the OP's problem.
– Iain Nov 27 '12 at 10:27

OK, sometimes PsExec, even though it is installed, won't invoke other exes when requested. The problem is to do with setting the EulaAccepted DWORD value to 1. I could not find a page which discusses this problem, so I added it here.
– Shyam Nov 30 '12 at 10:02

Why does someone not just say that it is not possible? I need to do something similar (Remote Exec a SAS Program), which I do have access to do if I RDP into that server (i.e. I have logon access to the server. I have file system access to the source code folder and I have access to run SAS).

No sysadmin in his/her right mind is going to grant me full admin rights on that box just to exec remotely. Basically PSTools is a sysadmin tool not designed to be used for the deployment of actual IT system solutions.